Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Drupal up to 7.73/8.8.10/8.9.8/9.0.7 File unrestricted upload

A vulnerability classified as critical has been found in Drupal up to 7.73/8.8.10/8.9.8/9.0.7 (Content Management System). This affects some unknown processing of the component File Handler. Upgrading to version 7.74, 8.8.11, 8.9.9 or 9.0.8...
Auteur: VulDB

CERTFR-2020-AVI-768 : Multiples vulnérabilités dans F5 BIG-IP (20 novembre 2020)

De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.

Auteur: Cert FR

CERTFR-2020-AVI-767 : Multiples vulnérabilités dans les produits VMware (20 novembre 2020)

De multiples vulnérabilités ont été découvertes dans VMware les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une élévation de privilèges.

Auteur: Cert FR

CERTFR-2020-AVI-766 : Multiples vulnérabilités dans Microsoft Edge (20 novembre 2020)

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une atteinte à la confidentialité des données.

Auteur: Cert FR

CERTFR-2020-AVI-765 : Vulnérabilité dans IBM Db2 (20 novembre 2020)

Une vulnérabilité a été découverte dans IBM Db2. Elle permet à un attaquant de provoquer une exécution de code arbitraire.

Auteur: Cert FR

CERTFR-2020-AVI-764 : Multiples vulnérabilités dans le noyau Linux de SUSE (20 novembre 2020)

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des...
Auteur: Cert FR

Mitsubishi Electric MELSEC iQ-R resource consumption [CVE-2020-5668]

A vulnerability was found in Mitsubishi Electric MELSEC iQ-R (affected version not known). It has been rated as problematic. Affected by this issue is an unknown code block. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

IBM Power9 L1 Cache information disclosure [CVE-2020-4788]

A vulnerability was found in IBM Power9 (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown code of the component L1 Cache Handler.
Auteur: VulDB

Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 Access Control access control

A vulnerability was found in Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 (SCADA Software). It has been classified as critical. Affected is an unknown part of the component Access Control Handler. There is no information...
Auteur: VulDB

Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 XML External Entity xml external entity reference

A vulnerability was found in Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 (SCADA Software) and classified as critical. This issue affects some unknown functionality of the component XML External Entity Handler. There is...
Auteur: VulDB

Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 Web Page Generation cross site scripting

A vulnerability has been found in Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 (SCADA Software) and classified as problematic. This vulnerability affects an unknown functionality of the component Web Page Generation...
Auteur: VulDB

Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 Web Page Generation cross site scripting

A vulnerability, which was classified as problematic, was found in Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 (SCADA Software). This affects an unknown function of the component Web Page Generation Handler. There is no...
Auteur: VulDB

Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 unrestricted upload

A vulnerability, which was classified as critical, has been found in Schneider Electric EcoStruxure Building Operation WebReports up to 3.1 (SCADA Software). Affected by this issue is some unknown processing. There is no information about...
Auteur: VulDB

Schneider Electric Modicon M221 information disclosure [CVE-2020-7568]

A vulnerability classified as problematic was found in Schneider Electric Modicon M221 (SCADA Software) (affected version unknown). Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures...
Auteur: VulDB

Schneider Electric Modicon M221 missing encryption [CVE-2020-7567]

A vulnerability classified as problematic has been found in Schneider Electric Modicon M221 (SCADA Software) (version unknown). Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Schneider Electric Modicon M221 random values [CVE-2020-7566]

A vulnerability was found in Schneider Electric Modicon M221 (SCADA Software) (unknown version). It has been rated as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

Schneider Electric Modicon M221 inadequate encryption [CVE-2020-7565]

A vulnerability was found in Schneider Electric Modicon M221 (SCADA Software) (the affected version is unknown). It has been declared as problematic. This vulnerability affects some unknown functionality. There is no information about possible...
Auteur: VulDB

Schneider Electric Easergy T300 up to 2.7 access control [CVE-2020-7561]

A vulnerability was found in Schneider Electric Easergy T300 up to 2.7 (SCADA Software). It has been classified as critical. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

Schneider Electric EcoStruxure Control Expert PLC Simulator buffer overflow

A vulnerability was found in Schneider Electric EcoStruxure Control Expert (SCADA Software) (affected version not known) and classified as critical. Affected by this issue is an unknown function of the component PLC Simulator. There is no...
Auteur: VulDB

Schneider Electric IGSS Definition 14.0.0.20247 Configuration Group File Def.exe out-of-bounds write

A vulnerability has been found in Schneider Electric IGSS Definition 14.0.0.20247 (SCADA Software) and classified as critical. Affected by this vulnerability is some unknown processing of the file Def.exe of the component Configuration Group File...
Auteur: VulDB

Schneider Electric IGSS Definition 14.0.0.20247 Configuration Group File Def.exe out-of-bounds read

A vulnerability, which was classified as problematic, was found in Schneider Electric IGSS Definition 14.0.0.20247 (SCADA Software). Affected is an unknown code block of the file Def.exe of the component Configuration Group File Handler. There is...
Auteur: VulDB

Schneider Electric IGSS Definition 14.0.0.20247 Configuration Group File Def.exe out-of-bounds write

A vulnerability, which was classified as critical, has been found in Schneider Electric IGSS Definition 14.0.0.20247 (SCADA Software). This issue affects an unknown code of the file Def.exe of the component Configuration Group File Handler. There...
Auteur: VulDB

Schneider Electric IGSS Definition 14.0.0.20247 Configuration Group File Def.exe out-of-bounds write

A vulnerability classified as critical was found in Schneider Electric IGSS Definition 14.0.0.20247 (SCADA Software). This vulnerability affects an unknown part of the file Def.exe of the component Configuration Group File Handler. There is no...
Auteur: VulDB

Schneider Electric IGSS Definition 14.0.0.20247 Configuration Group File Def.exe memory corruption

A vulnerability classified as critical has been found in Schneider Electric IGSS Definition 14.0.0.20247 (SCADA Software). This affects some unknown functionality of the file Def.exe of the component Configuration Group File Handler. There is no...
Auteur: VulDB

Schneider Electric IGSS Definition 14.0.0.20247 Configuration Group File Def.exe out-of-bounds write

A vulnerability was found in Schneider Electric IGSS Definition 14.0.0.20247 (SCADA Software). It has been rated as critical. Affected by this issue is an unknown functionality of the file Def.exe of the component Configuration Group File...
Auteur: VulDB
12345678910Last

Événements SSI